package com.example.ry.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import com.alibaba.fastjson.JSONObject;

@Controller
public class ShiroController {

	@GetMapping("login")
	public String login() {
		return "login";
	}
	
	@PostMapping("login")
	@ResponseBody
	public JSONObject loginAuth(String username,String password) {
		System.out.println("***********登录验证************");
		JSONObject json = new JSONObject();
		json.put("result", false);
		UsernamePasswordToken token = new UsernamePasswordToken(username, password,true);
		Subject subject = SecurityUtils.getSubject();
		try {
			subject.login(token);
			json.put("token", subject.getSession().getId());
			json.put("msg", "登陆成功");
			json.put("result", subject.isAuthenticated());
		} catch (IncorrectCredentialsException  e) {
			e.printStackTrace();
			json.put("msg", "密码错误");
		} catch (LockedAccountException  e) {
			e.printStackTrace();
			json.put("msg", "用户已冻结");
		} catch (AuthenticationException e) {
			e.printStackTrace();
			json.put("msg", "用户不存在");
		} catch (Exception e) {
			e.printStackTrace();
			json.put("msg", "出错了");
		}
		return json;
	}
	
	@RequestMapping("index")
	public String index() {
		System.out.println("**************访问首页*************");
		Subject subject = SecurityUtils.getSubject();
		System.out.println(subject.isPermitted("add"));
		return "index";
	}
	
	//登出
    @RequestMapping(value = "logout")
    @ResponseBody
    public String logout(){
    	System.out.println("**************访问logout页*************");
        return "logout";
    }
	
	// 错误界面展示,需要get请求方式，否则访问不到这个方法
	@GetMapping("error")
	public String error() {
		System.out.println("**************访问error页*************");
		return "error";
	}
	
	@RequiresPermissions("add")
	@RequestMapping("add")
	@ResponseBody
	public String add() {
		System.out.println("**************访问add*************");
		return "add";
	}
	
	@RequiresPermissions("del")
	@RequestMapping("del")
	@ResponseBody
	public String del() {
		System.out.println("**************访问del*************");
		return "del";
	}
	
	@RequiresPermissions("edit")
	@RequestMapping("edit")
	@ResponseBody
	public String edit() {
		System.out.println("**************访问edit*************");
		return "edit";
	}
	
	@RequiresPermissions("sel")
	@RequestMapping("sel")
	@ResponseBody
	public String sel() {
		System.out.println("**************访问sel*************");
		return "sel";
	}
	
}
